Software process modification platform for compliance
Abstract
Methods and systems are presented for providing a computer platform that manages the impacts of government regulations on existing software processes of an online service provider. A regulation document is obtained from a government agency. The regulation document is processed, and legal obligations relevant to an online service provider are extracted from the regulation document. An ensemble machine learning model is used to recommend, for each of the legal obligations, software controls that can be implemented within one or more software processes of the online service provider to mitigate a risk of the legal obligations. The ensemble machine learning model may include an attribute-based model and a text-based model. An explainable visual interface is provided to present the recommended software controls and context that indicates to a user how the software controls are determined for the legal obligations.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A system, comprising:
a non-transitory memory; and
one or more hardware processors coupled with the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising:
receiving data associated with a first obligation;
predicting, using one or more machine learning models, a set of controls implementable in a software process of an online service provider for mitigating a risk associated with non-compliance of the first obligation, wherein the set of controls is determined based in part on a set of different obligations that share common attributes with the first obligation; and
presenting, on a user device, a graphical user interface (GUI) comprising at least three layers of graphical elements for illustrating how the set of controls were predicted,
wherein a first layer of the GUI comprises a graphical element representing the first obligation,
wherein a second layer of the GUI, adjacent to the first layer, comprises a plurality of obligation graphical elements representing the set of different obligations that shares common attributes with the first obligation, and
wherein a third layer of the GUI, adjacent to the second layer, comprises a plurality of control graphical elements representing the set of controls predicted to mitigate the risk associated with non-compliance of the first obligation.
2. The system of claim 1 , wherein each of the plurality of control graphical elements is selectable, and wherein the operations further comprise:
receiving a selection of a control graphical element from the plurality of control graphical elements via the GUI;
determining, from the set of different obligations, one or more obligations for which a control corresponding to the control graphical element has been implemented; and
highlighting one or more obligation graphical elements corresponding to the one or more obligations on the GUI based on the selection.
3. The system of claim 1 , wherein each of the plurality of obligation graphical elements is selectable, and wherein the operations further comprise:
receiving a selection of an obligation graphical element from the plurality of obligation graphical elements via the GUI;
determining, from the set of controls, one or more controls that have been implemented within one or more software processes of the online service provider to mitigate a risk associated with non-compliance of a second obligation corresponding to the obligation graphical element; and
highlighting one or more control graphical elements corresponding to the one or more controls on the GUI based on the selection.
4. The system of claim 1 , wherein each of the plurality of control graphical elements is selectable, and wherein the operations further comprise:
receiving, via the GUI, a selection of one or more control graphical elements of the plurality of control graphical elements;
calculating a risk mitigation score based on the selection of the one or more control graphical elements and the risk associated with non-compliance of the first obligation, wherein the risk mitigation score represents an extent of mitigating when one or more controls corresponding to the one or more control graphical elements are implemented within the software process; and
presenting the risk mitigation score on the GUI.
5. The system of claim 4 , wherein the operations further comprise:
receiving an update to the selection of the one or more control graphical elements;
updating the risk mitigation score based on the update to the selection of the one or more control graphical elements; and
presenting the updated risk mitigation score on the GUI.
6. The system of claim 5 , wherein the update to the selection comprises at least one of adding a control graphical element to the one or more control graphical elements or removing a control graphical element from the one or more control graphical elements.
7. The system of claim 1 , wherein the graphical element of the first layer is disposed in a center of the GUI, wherein the plurality of obligation graphical elements of the second layer is disposed in a first boundary surrounding the graphical element, and wherein the plurality of control graphical elements of the third layer is disposed in a second boundary surrounding the second layer of graphical elements.
8. A method comprising:
receiving, by one or more hardware processors, data associated with a new or revised regulation;
determining, based on the data, a first obligation that impacts a process performed by an online service provider;
determining, by the one or more hardware processors using an ensemble machine learning model, a set of different obligations that share common attributes with the first obligation;
recommending, by the one or more hardware processors, a set of controls implementable in a software process of an online service provider for mitigating a risk associated with non-compliance of the first obligation based on the set of different obligations; and
presenting, on a user device, the recommended set of controls in a visual presentation, wherein the visual presentation comprises a multi-tier layout,
wherein a first tier in the multi-tier layout comprises a graphical element representing the first obligation,
wherein a second tier in the multi-tier layout, adjacent to the first tier, comprises a plurality of obligation graphical elements representing the set of different obligations that shares common attributes with the first obligation, and
wherein a third tier in the multi-tier layout, adjacent to the second tier, comprises a plurality of control graphical elements representing the set of controls predicted to mitigate the risk associated with non-compliance of the first obligation.
9. The method of claim 8 , wherein the visual presentation further comprises an input area that enables a user to input obligation attribute types for filtering the set of controls, and wherein the method further comprises:
receiving an obligation attribute type via the input area of the visual presentation;
identifying, from the set of obligations, one or more obligations that do not share an attribute corresponding to the obligation attribute type with the first obligation;
modifying the set of obligations by removing the one or more obligations;
updating the visual presentation based on the modified set of obligations.
10. The method of claim 9 , wherein the updating the visual presentation comprises:
removing, from the plurality of obligation graphical elements, one or more obligation graphical elements representing the one or more obligations from the visual presentation.
11. The method of claim 8 , wherein the updating the visual presentation comprises:
determining, from the set of controls, one or more controls that are not implemented for the modified set of obligations; and
removing one or more control graphical elements representing the one or more controls from the visual presentation.
12. The method of claim 8 , wherein each of the plurality of control graphical elements is selectable, and wherein the method further comprises:
receiving a selection of a control graphical element from the plurality of control graphical elements via the visual presentation;
determining one or more software processes of the online service provider within which a control represented by the control graphical element has been implemented; and
presenting, on the visual presentation, information associated with the one or more software processes.
13. The method of claim 8 , wherein each of the plurality of control graphical elements is selectable, and wherein the method further comprises:
receiving a selection of a control graphical element from the plurality of control graphical elements via the GUI;
automatically generating software code for the software process; and
integrating the software code within the software process.
14. The method of claim 8 , wherein each of the plurality of control graphical elements is selectable, and wherein the method further comprises:
receiving, via the visual presentation, a selection of one or more control graphical elements of the plurality of control graphical elements;
calculating a risk mitigation score based on the one or more control graphical elements, wherein the risk mitigation score represents an extent of mitigating the risk associated with non-compliance of the first obligation when one or more controls corresponding to the one or more control graphical elements are implemented within the software process; and
presenting the risk mitigation score on the visual presentation.
15. A non-transitory machine-readable medium having stored thereon machine-readable instructions executable to cause a machine to perform operations comprising:
receiving data associated with a first obligation;
predicting, using one or more machine learning models, a set of controls implementable in a software process of an online service provider for mitigating a risk associated with non-compliance of the first obligation, wherein the set of controls is determined based in part on a set of different obligations that share common attributes with the first obligation; and
presenting, on the user device, a graphical user interface (GUI) comprising a three-tier layout,
wherein a first tier of the three-tier layout comprises a graphical element representing the first obligation,
wherein a second tier of the three-tier layout, adjacent to the first tier, comprises a plurality of obligation graphical elements representing the set of different obligations that shares common attributes with the first obligation, and
wherein a third tier of the three-tier layout, adjacent to the second tier, comprises a plurality of control graphical elements representing the set of controls predicted to mitigate the risk associated with non-compliance of the first obligation.
16. The non-transitory machine-readable medium of claim 15 , wherein each of the plurality of control graphical elements is selectable, and wherein the operations further comprise:
receiving a selection of a control graphical element from the plurality of control graphical elements via the GUI;
determining, from the set of different obligations, one or more obligations for which a control corresponding to the control graphical element has been implemented; and
highlighting one or more obligation graphical elements corresponding to the one or more legal obligations on the GUI based on the selection.
17. The non-transitory machine-readable medium of claim 15 , wherein each of the plurality of obligation graphical elements is selectable, and wherein the operations further comprise:
receiving a selection of an obligation graphical element from the plurality of obligation graphical elements via the GUI;
determining, from the set of controls, one or more controls that have been implemented within one or more software processes of the online service provider to mitigate a risk associated with non-compliance of a second obligation corresponding to the obligation graphical element; and
highlighting one or more control graphical elements corresponding to the one or more controls on the GUI based on the selection.
18. The non-transitory machine-readable medium of claim 15 , wherein each of the plurality of control graphical elements is selectable, and wherein the operations further comprise:
receiving, via the GUI, a selection of one or more control graphical elements of the plurality of control graphical elements;
calculating a risk mitigation score based on the one or more control graphical elements, wherein the risk mitigation score represents an extent of mitigating the risk associated with non-compliance of the first obligation when one or more controls corresponding to the one or more control graphical elements are implemented within the software process; and
presenting the risk mitigation score on the GUI.
19. The non-transitory machine-readable medium of claim 18 , wherein the operations further comprise:
receiving an update to the selection of the one or more control graphical elements;
updating the risk mitigation score based on the update to the selection of the one or more control graphical elements; and
presenting the updated risk mitigation score on the GUI.
20. The non-transitory machine-readable medium of claim 15 , wherein the graphical element of the first tier is disposed at a first position within the GUI, wherein the plurality of obligation graphical elements of the second tier is disposed adjacent to the first position within the GUI, and wherein the plurality of control graphical elements of the third tier is disposed adjacent to the second tier.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.